Archive for October, 2006

WiFi Authentication

October 28, 2006

When you setup your computers on your network, and your network is used by more than one person, you’ll likely have files and folders on your computer that you don’t want other people to access. Windows file sharing, and access permissions, is an intricate subject with many possibilities.

When you setup your WiFi LAN, you probably have simpler goals.

  • Allow you (and your family, friends, co-workers, other folks you know) to connect to your LAN.
  • Prevent folks you don’t know from connecting to your LAN.

With these simple goals, you setup very simple security. Give everybody (every computer) a simple, pre-shared key. WPA-PSK is the simplest effective solution for securing your WiFi LAN.

Given the possibility that you might not want everybody to have WiFi access permanently, WPA-PSK may not be versatile enough for you. You can setup individual access, using 802.1x, or RADIUS based, authentication. To use 802.1x authentication, you have to setup 3 components.

  • A RADIUS server.
  • Your router or WiFi access point.
  • Your WiFi clients.

If you select 802.1x authentication when you setup your WiFi client, and you don’t have a RADIUS server, your WiFi client will spend a lot of time needlessly trying to contact a RADIUS server. If your WiFi connection drops regularly, and resumes with no action taken by you, check your WiFi client, and make sure that 802.1x authentication is not enabled.

Interestingly enough, 802.1x authentication is a selectable feature on most client connections, Ethernet as well as WiFi. Selecting 802.1x authentication on an Ethernet LAN, without a RADIUS server, isn’t usually a problem, as it is with WiFi.

Advertisements

Using A DNS Relay On Your LAN

October 13, 2006

As I discuss in The DNS Server Settings On Your Computer, your ability to resolve server names into addresses is almost as important as the ability to contact the servers in the first place. The DNS client structure offers multiple options.

If your Internet service goes thru a NAT router, you may be using the router as a DNS relay.

        DNS Servers . . . . . . . . . . . : 192.168.0.1

Normally, as I discuss in the other article, you would not want a single DNS server. But if you have Internet service thru a single failure point (the NAT router), you might as well get DNS there too. If the NAT router goes out, you won’t need DNS. Simplifying your setup makes sense here.

If you have a collection of computers, you can configure all of them to use the NAT router as an intermediary DNS server. The router maintains the actual DNS server relationships with its upstream feeds, checking the primary, secondary, even tertiary servers, as necessary. Each client has to worry about one relationship – the router.

But this can be a problem in one case. If your NAT router can be overloaded, it’s possible that DNS relay functions may fail, while simple routing continues. The DNS relay function in ICS, if your Internet service depends upon an ICS server, appears to be subject to interruption when CPU load on the system is high.

This may be yet another reason why ICS is not a good solution for sharing Internet service.

More WiFi Bandwidth? Not This Year

October 4, 2006

If you have a network of computers, you’re probably connected by Ethernet in some portion of the network, so you’re used to the Ethernet 100M (or newer 1G) bandwidth. You like the freedom of WiFi, but freedom comes at a cost – loss of bandwidth. The current WiFi standard 802.11g has a maximum bandwidth of 54M (and I should emphasise maximum, here).

So the WiFi manufacturers are trying to satisfy your need for high bandwidth, and they came up with a couple solutions, which will have a maximum bandwidth of 108M. The new standard includes 2 features (using names which vary by vendor):

  • MIMO.
  • Super-G.

MIMO, or Multiple-input Multiple-output, uses multiple radios and antennas. MIMO has two components.

  • Antenna diversity. If you’re familiar with FM radio in your car, and multi-path interference, you’ll know the value of antenna diversity. The idea behind antenna diversity is that, if the signal from a radio transmitter is weak on one antenna, because of MPI, it will, hopefully, be stronger on another antenna some distance away from the first. A special processor does nothing but compare the signal being received by two different antennas, and select the stronger.
  • Beamforming. Antenna diversity counter acts multi-path interference. Beamforming uses the principle of multi-path interference, at the transmitter, to focus the strength of the transmitted signal in one direction. Using the diversity antennas on a MIMO component, it’s possible to identify the relative location of the other device in communication; using beamforming, the transmitted signal is focused in that direction.
  • By combining antenna diversity and beamforming, it’s possible to extend the effective range of a WiFi conversation. You can locate the router / access point, and the client computer(s), at a greater distance from each other, and yet get acceptable performance.

To get 108M, aka Super-G, all 11 802.11b channels are combined. There is one channel – “6”.

Both MIMO and Super-G will give you more bandwidth, and more effective range, assuming that you have no neighbours with WiFi. If you have neighbours (and who doesn’t), only one of you can use a channel at any given time. Your equipment will have to decide how to share the channel. But, there are additional issues here.

  • MIMO will increase the effective size (area) of your WiFi neighbourhood, by increasing the effective distance between WiFi components that can detect each others signals. This increases the number of devices that have to share the channel, at any time.
  • Super-G will increase the size (volume) of your WiFi neighbourhood, by using more of the frequency spectrum to create more bandwidth. More channels used by your WiFi router increases the number of devices that have to share the channel, at any time.
  • More devices that have to share the channel means less time each device can transmit, and less bandwidth available to each client device. More devices that have to share the channel means more possibility of collisions, at any time, and again, less bandwidth available to each client device.
  • Neither MIMO nor Super-G are part of any ratified standards. You can’t predict, with any reliability, how well equipment from different vendors will interact with each other. This will affect performance on your LAN, and between your LAN and your neighbours LAN. Check out ExtremeTech: Real-World Interoperability Tests of Five 802.11n Routers for a good discussion of this issue, with actual hardware testing results.

The dynamic effect of MIMO beamforming may have another effect. When you setup a WiFi LAN, you’re advised to try different channels (most objectively, using NetStumbler or a similar site survey tool). Over some period of time, you should be able to identify the majority of your WiFi neighbours, and pick a less congested channel. With beamforming, you’ll have a dynamic signal pattern, which will change as a WiFi client is moved around the house. There will be a constantly changing visibility of WiFi neighbours, on any given channel (or group of channels). This will cause problems similar to the WiFi hidden node problem.

In short, neither MIMO nor Super-G are products which will be useful in neighborhoods of any density.

For more information, and discussions pro and con, see

The Network Language That Your Computer Speaks

October 2, 2006

If you have Windows XP, and you just ran the Network Setup Wizard, your computer most likely uses NetBIOS Over TCP/IP (NetBT). If all of your computers use this same language, and were all setup properly, the chances are good that you will be able to share files with them.

There are other languages that your computers might speak.

  • NetBT uses IPV4, the current Internet addressing scheme of nnn.nnn.nnn.nnn. IPV6 will expand this to xxxx.xxxx.xxxx.xxxx.xxxx.xxxx, giving IPV6 almost infinitely more address space than IPV4.
  • NetBT is more completely known as “Server Message Blocks hosted over NetBT”. SMBs over NetBT is most useful in small LANs that use broadcasts for name resolution. If you have a LAN with a DNS server for local name resolution, you can Disable NetBT, and use SMBs directly hosted over IP.
  • There are odd circumstances where SMBs hosted over alternate protocols such as IPX/SPX or NetBEUI may be advisable.

Windows XP will support any of the above languages, if you already have a LAN, and want to keep your existing computers as they are right now. If you have a portable computer, and intend to use it on different networks, or if you have a small LAN and want to have the most choices in design and support available, using SMBs hosted over NetBT makes the most sense.

It’s your computer, and your choice. Just know what the choices are, and how they may affect you. You may select IPV4, IPV6, IPX/SPX, and NetBEUI from the Network Connection Properties wizard. You Enable SMBs hosted over NetBT from the TCP/IP Properties – Advanced wizard.

Don’t Do It Yourself – If You Don’t Think About What You’re Doing

October 2, 2006

Whether you’re setting up a new network, or diagnosing a problem with the existing one, think about what you’re doing. Think ahead a bit – be aware of what could go wrong.

The Perfect Plumber